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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )^ Responsive to communication(s) filed on 06 January 2006 . 
2a)M This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) [3 Claim(s) 1-8 and 12 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^3 Claim(s) 1-8 and 12 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 07 November 2001 is/are: a)K accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) E3 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Kl Some * c)D None of: 

1 .[3 Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 

3-D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Applicant's arguments filed January 6, 2006, have been fully considered but they 
are not persuasive. 

2. Claims 1-8 and 12 are pending and have been examined. Claims 9-1 1 have 
been withdrawn in reply to Election / Restriction mailed on December 12, 2005. 

Response to Amendment 

3. The objection to the drawings is withdrawn. 

4. Claims 1-8 stand rejected over Solomon (US Patent 6,269,409), Toda (US 
Patent Application Publication 2002/0029301), and Herbert et al. (US Patent 5,757,919, 
hereinafter Herbert). 

5. Solomon teaches a second component program executing in the second 
operating system selectively performing a command issued by the first component 
program if execution thereof has been designated as permitted in advance (columns 4- 
5). Even assuming arguendo the cited passage does not read on "a second component 
program executing in the second operating system selectively performing a command 
issued by the first component program if execution thereof has been designated as 
permitted in advance", it was conventional and well known that operating systems 
provide means to determine whether actions are allowable or not, therefore, it would 
have been obvious to modify Solomon to provide such means if Solomon did not 
already provide for such means. 

6. Applicant's arguments fail to comply with 37 CFR 1 . 1 1 1 (b) because they amount 
to a general allegation that the claims define a patentable invention without specifically 
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pointing out how the language of the claims patentably distinguishes them from the 
references. 

7. Applicant's arguments do not comply with 37 CFR 1.1 1 1(c) because they do not 
clearly point out the patentable novelty which he or she thinks the claims present in view 
of the state of the art disclosed by the references cited or the objections made. Further, 
they do not show how the amendments avoid such references or objections. 

Claim Objections 

8. Claims 1 and 12 are objected to because of the following informalities: "CPU" 
must be spelled out. Appropriate correction is required. 

9. Claims 3-4 are objected to because of the following informalities: "OS" must be 
spelled out. Appropriate correction is required. 

Claim Rejections - 35 USC §112 

10. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

11. Claim 12 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Claim 12 recites the limitation "second / first component program". There is 
insufficient antecedent basis for these limitations in the claim. 
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Claim Rejections - 35 USC § 102 

12. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

13. Claims 1-3, 7-8, and 12 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Solomon. 

Regarding claim 1, Solomon teaches a tamper-resistant computer system 
having a CPU and a main memory for executing application software (column 3, lines 5- 
33), comprising: a first operating system (column 3, lines 47-50, 44-65); and a second 
operating system (column 3, lines 57-59, 44-65); wherein the application software 
comprises a first component program executed by the first operating system, and a 
second component program executed by the second operating system (column 4, lines 
33-57), wherein the first component program has a user interface for receiving an 
operational instruction from a user of the computer system and for issuing a command 
to the second component program, and wherein the second component program 
selectively performs the command issued by the first component program if execution 
thereof has been designated as permitted in advance, thereby preventing the second 
component program from being accessed by the user (column 5, lines 5-43). 

Regarding claim 2, Solomon teaches a communication control program that 
sends a command issued by the first component program to the second component 
program if execution thereof is permitted (column 5, lines 21-33). 

Regarding claim 3, Solomon teaches a multi-os control program for controlling 
the first and second operating systems (column 3, lines 55-60); wherein the multi-os 
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control program establishes a particular region in a memory area managed by the first 
operating system (column 5, lines 10-15) so that the particular region can be referred to 
by the communication control program, wherein the user interface of the first component 
program writes the command into the particular region for issuance thereof (column 5, 
lines 10-15), and wherein, by referring to the particular region, the communication 
control program reads a command stored in the particular region by the first component 
program (column 5, lines 21-33), and then, by making reference to a list of the permitted 
commands held in a memory area managed by the second operating system, the 
communication control program sends the command to the second component program 
if the command is in the list (column 5, lines 21-33). 

Regarding claim 7, Solomon teaches wherein, at start of the second component 
program, the second component program adds a command permitted for the first 
component program to the list of permitted commands (column 5, lines 20-33), and 
wherein, at the time of termination of the second component program, the second 
component program removes the command from the list of permitted commands 
(column 5, lines 34-37) (column 5, lines 5-43). 

Regarding claim 8, Solomon teaches wherein the second component program 
comprises a command processing program for command execution (column 4, lines 45- 
57), and a communication control program through which a command issued by the first 
component program is sent to the command processing program if execution thereof is 
permitted (column 4, lines 58-67). 
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Regarding claim 12, Solomon teaches a tamper-resistant computer system 
having a CPU and a main memory for executing application software (column 3, lines 1- 
67, column 4, lines 1-67), comprising: a first operating system (column 3, lines 47-50, 
44-65); a second operating system (column 3, lines 57-59, 44-65); a first application- 
level program executing on the first operating system (column 4, lines 1-67, column 5, 
lines 1-67); and a second application-level program executing on the second operating 
system (column 4, lines 1-67, column 5, lines 1-67), wherein the first application-level 
program has a user interface for receiving an operational instruction from a user of the 
computer system, herein the first application-level program is configured to issue a 
command to the second component program in response to input received by the user 
interface, wherein the second application-level program performs the command issued 
by the first component program if execution thereof has been designated as permitted in 
advance, thereby preventing the second component program from being accessed by 
the user (column 5, lines 1-67, column 6, lines 1-67). 

Claim Rejections - 35 USC § 103 

14. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

15. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Solomon, and further in view of Toda. 

Regarding claim 4, Solomon does not disclose a tamper-resistant hardware 
module for storing a system boot program; wherein the tamper-resistant computer 
system includes an initial program for reading the system boot program at system 
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startup, wherein the system boot program includes a function for executing the multi-OS 
control program, and wherein the multi-OS control program includes a function for 
executing the first and second operating systems. Toda teaches a tamper-resistant 
hardware module for storing a system boot program (page 2, column 2, paragraphs 40- 
42); wherein the tamper-resistant computer system includes ah initial program for 
reading the system boot program at system startup (page 3, column 1, paragraph 49), 
wherein the system boot program includes a function for executing the multi-OS control 
program, and wherein the multi-OS control program includes a function for executing 
the first and second operating systems (page 3, column 2, paragraphs 51-53). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to have a control program (loader) that executes the first and 
second operating systems. One of ordinary skill in the art would have been motivated to 
perform such a modification to allow two distinct operating systems to operate at the 
same time and independently of each other (Toda, page 1, paragraphs 2 and 14-16). 
16. Claims 5 and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Solomon and Toda, and further in view of Herbert. 

Regarding claim 5, the combination of Solomon and Toda teaches wherein the 
second component program comprises a system boot program (page 3, column 1, 
paragraph 49). Solomon and Toda do not expressly disclose wherein the second 
component program comprises cryptographic software, and digital signature, wherein 
the hardware module includes a decryption key for the cryptographic software and a 
function for authenticating the system boot program, wherein the system boot program 
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includes a function for performing authentication for the hardware module, a function for 
extracting the decryption key for the cryptographic software from the hardware module, 
and a function for decrypting the cryptographic software with the decryption key 
extracted from the hardware module, and wherein, according to a command from the 
first component program, the system boot program is executed, and in response the 
cryptographic software is decrypted and executed. However, Herbert teaches wherein 
the second component program comprises cryptographic software (column 4, lines 7- 
15), and digital signature (column 4, lines 7-15), wherein the hardware module includes 
a decryption key for the cryptographic software (column 4, lines 16-42) and a function 
for authenticating the system boot program, wherein the system boot program includes 
a function for performing authentication for the hardware module, a function for 
extracting the decryption key for the cryptographic software from the hardware module 
(column 5, lines 1-25), and a function for decrypting the cryptographic software with the 
decryption key extracted from the hardware module (column 5, lines 1-25), and wherein, 
according to a command from the first component program, the system boot program is 
executed, and in response the cryptographic software is decrypted and executed. 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to use cryptography and authenticate the boot program. One of 
ordinary skill in the art would have been motivated to perform such a modification to 
maintain integrity and confidentiality (Herbert, Abstract, lines 1-5). 

Regarding claim 6, the combination of Solomon, Toda, and Herbert teaches the 
limitations as set forth under claim 5 above. Furthermore, Herbert teaches wherein the 
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hardware module further includes a decryption key for cryptographic data to be used by 
the second component program, and wherein the second component decrypts the 
cryptographic data (column 4, lines 16-42). 

Conclusion 

17. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

1 8. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

1 9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571) 272- 
5861. The examiner can normally be reached on Monday-Friday 7:00 am - 5:00 pm, off 
on Wednesday. 
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20. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on (571) 272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

21 . Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

nrr AYAZ SHEIKH 

SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



